Denuvo’s game DRM is too hard to crack, so a hacker bypassed it instead

This site may earn affiliate commissions from the links on this page. Terms of use.

In January of this year, well known Chinese cracking forum 3DM predicted that games would become uncrackable by 2018. The reason was a digital rights management (DRM) solution called Denuvo, which was used to protect Just Cause 3 (and many other games) and was proving incredibly difficult to crack.

The reason Denuvo works so well is because it uses anti-tamper tech to encrypt the software being protected. Any crack needs to get around the encryption before it even starts trying to circumvent the DRM. Denuvo’s final ace up its sleeve is the regular updates. If a weakness is identified, Denuvo gets patched and future games will also ship immune to that threat.

But Denuvo has just suffered a rather embarrassing defeat courtesy of a 19-year-old Bulgarian hacker who goes by the name of Voksi. Armed with a copy of the Doom (2016) demo, he discovered a loophole and removed Denuvo’s influence completely from the full version of the game.

Voksi didn’t crack Denuvo, he just took the time to understand how it works and created a workaround in the form of a loader application. Here’s how he did it:

When you install a game from Steam that uses Denuvo for protection, Denuvo assigns a unique ID to it based on the hardware you installed the game on. Try running that copy on another machine and it won’t work properly or at all. So Voksi used the Doom demo to generate a legitimate Denuvo ID which his loader then swaps out and associates with a pirate copy of Doom also installed on the machine. As far as Denuvo can tell, the pirate install is a legal copy and lets it run unhindered.

This workaround worked for 3 days before Denuvo got patched and stopped it. In that time 650,000 pirate copies of the game were made to work and register as legit on Denuvo’s servers. The same workaround was also applied to other games including Rise of the Tomb Raider.

It’s a small victory in the fight against DRM, and Voksi has apparently identified another loophole allowing him to bypass Denuvo once again. The cracks are starting to appear even if a real crack possibly never will.